Commit graph

188 commits

Author SHA1 Message Date
Olivier Goffart
40007537ea
OAuth: Remove the timeout
There is no real reason to have a timeout. The connection can stay open
as long as we are not authenticated. The User can still re-open a browser
from the UI at any time.

Issue #6612
2018-09-09 17:57:38 +02:00
Roeland Jago Douma
9f1f99f4db
Add a WebFlowCredentialsAccessManager
Fixes #279

Some setups don't make Qt emit the right signals and the client would
end up in a state where it could not do the initial authentications.
This is a similar hack that apparently already was in place for basic
http auth.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 20:59:25 +02:00
Roeland Jago Douma
08abc71acb
gui Q_UNUSED
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-02 13:02:15 +02:00
Roeland Jago Douma
ef2d113930
Mark credentials as valid if there is no error
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
35e8d0437d
Address comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6809f12e68
Allow the user to sign in again
If the user is signed out (for whatever reason). Show a popup
with the loginflow again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
ac1664b525
Actually use webflow credentials
* Detect invalid auth (if the user's token is removed for example)
* Properly store and fetch from keychain

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6b43d80c01
Start with persisting credentials
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Daniel Nicoletti
a63d34f870 Prepend "nextcloud" for all logging categories
Thus making it easier to exclude logging from kio, qt
and only enable "nextcloud.*"
2017-12-28 17:33:10 -02:00
Daniel Nicoletti
c963259bfb Fix URL in dialog that requests password
A URL that had a base like "http://localhost/nextcloud/"
would get the last slash '/' removed and then appended
with "index.php..." resulting in
http://localhost/nextcloudindex.php
2017-12-28 10:00:17 -02:00
Roeland Jago Douma
fe4bb52a6d
Merge remote-tracking branch 'oc/master' into oc_up 2017-12-14 10:27:11 +01:00
Olivier Goffart
74672d493d Utility: use QUrlQuery
For QUrl::setQuery is deprecated in Qt5
2017-12-08 16:15:17 +01:00
Olivier Goffart
ee98daf9ea Shibboleth: Upgrade to OAuth2 When the server supports it
If the server supports both Shibboleth and OAuth2, upgrades to OAuth2

Issue #6198
2017-12-04 08:09:34 +01:00
Roeland Jago Douma
462353d0ee
Have correct app password link
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-21 09:17:42 +01:00
Christian Kamm
3ae2071129 DetermineAuth: Remove concept of Unknown #6148
This restores 2.3 behavior. Some servers reply 404 to GETs and PROPFINDs
to the remote.php/webdav/ url and used to work. Being more picky would
break them.
2017-11-14 12:10:35 +01:00
Christian Kamm
9af6e29f42 DetermineAuthType: Adjustments for tight firewalls #6135
With some firewalls we can't GET /remote.php/webdav/. Here we keep the
GET request to detect shibboleth through the redirect pattern but then
use PROPFIND to figure out the http auth method.

Currently we prefer OAuth to Shibboleth to Basic auth.

This also restores the fallback behavior of assuming basic auth
when no auth type can be determined.
2017-11-06 13:09:10 +01:00
Olivier Goffart
a9761a8976 Use qEnvironmentVariable* instead of qgetenv when appropriate
Now that we use Qt5, we should do that. It is slightly more efficient
and declares the intent.
(Modified using clazy)
2017-10-19 13:57:49 +02:00
Christian Kamm
f598ac89ac HttpCreds: Fix retry after wrong password #5989
This is an ugly solution.
2017-10-13 14:24:37 +02:00
Olivier Goffart
0ceb806f1a Test OAuth2
Include a test for PR #6057
2017-09-28 18:38:33 +02:00
Olivier Goffart
1da398e6c6 OAuth: fix compilation with old gcc
We need to use QPointer::data in the signal slot connection

Relates to pr #6065
2017-09-28 10:55:28 +02:00
Olivier Goffart
7af81f7665 OAuth: Fix crash when closing the browser while identifying
To reproduce, log in and click "authorize" on the browser, then close
the browser before the client has replied, (but after redirected to localhost,
i.e. when the client is asking the server for the token)

The problem is that socket can be destroyed so we don't need to answer on a
destroyed socket.
2017-09-26 14:56:57 +02:00
Olivier Goffart
382cc444f0 Httpcreds: Fix double slash in the Request App Password url
Issue #6044
2017-09-23 10:10:40 +02:00
Olivier Goffart
0cec6f08ca OAuth2: Fix double slash in URL
We need to use concatPath to avoid possible double '/' in the URLs if the
account url() ends with '/'.

This has become even more of a problem since commit
d1b8370a4a which was resolving the url after
a redirect where most servers actually add a '/' if the url is a folder
2017-09-23 10:10:40 +02:00
Olivier Goffart
35e4fe061d Port to new signal-slot syntax what cannot be done automatically
Some slots were protected or private but needed to be public.
Some needed a static_cast (can't use qOverload because it is in Qt 5.7)

This is not only a partial change.
2017-09-21 14:05:39 +02:00
Olivier Goffart
ff4213b59f Use the Qt5 connection syntax (automated with clazy)
This is motivated by the fact that QMetaObject::noralizeSignature takes 7.35%
CPU of the LargeSyncBench. (Mostly from ABstractNetworkJob::setupConnections and
PropagateUploadFileV1::startNextChunk). It could be fixed by using normalized
signature in the connection statement, but I thought it was a good opportunity
to modernize the code.

This commit only contains calls that were automatically converted with clazy.
2017-09-21 14:05:39 +02:00
Jocelyn Turcotte
a1f1775d15 Move SyncJournalDB to src/common 2017-09-18 14:00:52 +02:00
Christian Kamm
8635b8ac84 Reduce timeout for some admin jobs
The oauth token jobs and the wizard redirect check job shouldn't have
5min timeouts.
2017-09-15 15:25:10 +02:00
Christian Kamm
671599c8b2 Credentials: Use per-account keychain entries #5830
This requires a lot of migration code: the old entries need to be read,
saved to the new locations and then deleted.
2017-09-15 09:29:05 +02:00
Christian Kamm
e05f5fc50d OAuth: Don't use implicit POST bodies
The query args of POST requests become the request body. If there's a
redirect, the redirected url will therefore not contain the query
arguments. Use an explicit request body to make the redirection work.
2017-09-15 09:28:03 +02:00
Christian Kamm
da6250fc1f OAuth: Pass client auth in header instead of url
To play more nicely with redirects.
2017-09-15 09:28:03 +02:00
Christian Kamm
7d075cdcb7 OAuth: Use redirectable jobs for oauth token management 2017-09-15 09:28:03 +02:00
Christian Kamm
de5de6284c Use DetermineAuthTypeJob in HttpCredentials
* Move it to networkjobs
* Minor adjustments to its logic
* Fixes redirect handling for oauth/basic http auth check #6003
2017-09-11 19:15:43 +02:00
Christian Kamm
506f7c0764 Http credentials: Fix behavior for bad password #5989
When the GET request from askFromUser is scheduled on the QNAM inside
the slot that handles the QNetworkReply::finished signal, it seems to
not get processed at all.

This workaround moves the sending of the new GET to the event loop,
sidestepping the problem.
2017-09-07 11:23:24 +02:00
Jocelyn Turcotte
cf15cbf0b3 Move Utility to a new common static library
Now that csync builds as C++, this will avoid having to implement
functionalities needed by csync mandatorily in csync itself.

This library is built as part of libocsync and symbols exported
through it.
This requires a relicense of Utility as LGPL. All classes moved into
this library from src/libsync will need to be relicensed as well.
2017-09-05 17:25:19 +02:00
Olivier Goffart
6ae88514d8 OAuth: clear refresh token when the server claims not to support oauth
Allow upgrade path when the server removes support for oauth
Relates: https://github.com/owncloud/client/issues/5848#issuecomment-317353049

We also need to force the account to commit the config to the disk,
otherwise we may not register we are no longer using owncloud and we
risk sending the password as the token to the token refresh API call
2017-07-25 12:34:13 +02:00
Olivier Goffart
50874eecfa OAuth: Add the user in the authorize call
Issues: #5897, https://github.com/owncloud/oauth2/issues/48
2017-07-17 10:13:12 +02:00
Olivier Goffart
06f3a70f9a OAuth: Better message when logging in with the wrong username
Since the user is already in the browser, put the error message in the
browser with a message to log out and then log in as the right user.

Issue #5895
2017-07-14 11:17:24 +02:00
Olivier Goffart
5738110cb6 OAuth2: Have a link to the browser in the owncloud UI
When the browser is open, add a link in the ui to re-open
the browser.

Issue #5893
2017-07-13 16:09:42 +02:00
Olivier Goffart
d34dbbdb0b OAuth: Redirects to the server in case of successful login
Requires https://github.com/owncloud/oauth2/pull/45

This commit moves the reply after we got the token reply from
the server, that allows to reply with an error to the browser
if the login does not work.
2017-07-11 09:56:04 +02:00
Christian Kamm
a5ace5e71d Account/Credentials: Have identical lifetimes
The QNAM may continue to outlive both.

Rename Credentials::getQNAM() to createQNAM() while we're at it - it's
used to make a new QNAM that will subsequently be owned by the Account
object.

See d01065b9a1 for rationale.

Relates to
d40c56eda5
147cf798a6
2017-07-08 13:07:13 +02:00
Olivier Goffart
5100a2daf1 OAuth: cleanup debug messages
- Add category to the all messages (they did not have it was merged right after
the patch to add category everywhere, but this code did not have it.)

- Make sure there are no warnings in the normal flow. (The wizard does a request
without authentication to determine the auth type)
2017-06-13 12:08:24 +02:00
Christian Kamm
4b0d956b3d OAuth: Fix a typo in the success message 2017-06-12 12:58:20 +02:00
Olivier Goffart
04b6794318 OAuth: Error handling in the wizard
Issues: #5813 and #5811
2017-06-12 12:58:20 +02:00
Olivier Goffart
3d93527a8e Authentication with OAuth2
When the OAuth2 app (https://github.com/owncloud/oauth2) is enabled,
We will open a browser and perform the OAuth2 authentication

Issue: #4798 and https://github.com/owncloud/platform/issues/17
2017-06-01 10:39:33 +02:00
Christian Kamm
d3b00532b1 Credentials: Simplify credential flow #5728
And as a side effect: don't ask for user password when we can't
connect to the server in the first place.
2017-05-22 10:52:18 +02:00
Christian Kamm
c8d0f788e0 Apply clang-format 2017-05-17 12:26:27 +02:00
Christian Kamm
ae263d60bd Reformatting: Reformat some lines that would become really long 2017-05-17 12:26:27 +02:00
Christian Kamm
df3fe25702 Reformatting: Adjust trailing comments
These would otherwise be line-wrapped by clang-format,
and then consecutive reformattings remove the aligned
comment indentation

Example:

int a; // too long comment

->

int a; // too long
       // comment

->

int a; // too long
// comment
2017-05-17 12:26:27 +02:00
Jocelyn Turcotte
b7553d5bdf Upgrade some qCDebug to qCInfo or qCWarning
Use qCInfo for anything that has general value for support and
development. Use qCWarning for any recoverable error and qCCritical
for anything that could result in data loss or would identify a serious
issue with the code.

Issue #5647
2017-05-11 17:22:59 +02:00
Jocelyn Turcotte
4ad190a558 Use Qt logging categories for logging
This gives more insight about the logs and allow setting fine-tuned
logging rules. The categories are set to only output Info by default
so this allows us to provide more concise logging while keeping the
ability to extract more information for a specific category when
developing or debugging customer issues.

Issue #5647
2017-05-11 17:22:59 +02:00
Christian Kamm
2598579d84 Switch JsonApiJob to Qt5's QJson #5710 2017-05-08 11:50:33 +02:00
Markus Goetz
5ac58d3b83 Server: Parse version from capabilities too #5691 (#5698)
Newer servers will have the option of hiding version, versionstring, edition
and productname. They will always send the full information in the capabilities.
2017-04-19 11:02:03 +02:00
Christian Kamm
881b32521b HttpCreds: Update app passwords url #5605
See also owncloud/core#27360
2017-03-15 16:30:08 +01:00
Christian Kamm
b98876e265 Account server version: Helper to create versions
Hex literals don't work well with version 10: 0x100000 doesn't do
the right thing.
2017-03-15 16:30:08 +01:00
Christian Kamm
59c1fdbe05 Shib: Use different keychain entry per account #5469
Previously shib multiaccount didn't work at all because the
session cookie was stored in the same keychain entry.
2017-01-24 13:14:11 +01:00
Markus Goetz
c6f4f44619 Fix up SSL client certificates #5213 #69 (#5289)
This re-enables the UI, uses Qt API for importing and
stores the certificate/key in the system keychain.
People who had set up client certs need to re-setup the account. This is ok
since it was an undocumented feature anyway.
2017-01-02 08:34:02 +01:00
ckamm
ec7333a4bf Merge pull request #5272 from owncloud/licensefix-pending
License: Adjust license of GPLv2 source files to GPLv2+
2016-11-18 15:14:47 +01:00
Christian Kamm
10644d3568 Move concatUrl and settingsWithGroup to Utility
There was little reason to keep them cluttering Account.
2016-10-25 12:05:28 +02:00
Christian Kamm
cf48ea2e00 Remove unused functions
Account::changed and AbstractCredentials::changed have not been needed
in a long while.
2016-10-25 11:33:38 +02:00
Christian Kamm
db24f60ae3 License: Adjust license of GPLv2 source files to GPLv2+
See #5180
2016-10-25 11:06:54 +02:00
Olivier Goffart
1d09f6b60f Allow to disable Shibboleth to build without QtWebkit (#5166) 2016-09-11 16:14:08 +02:00
Markus Goetz
6ecda6e7f4 Merge branch '2.2' 2016-08-24 11:39:12 +02:00
Klaas Freitag
ebcec44202 ShibbolethView: Open a debug window that shows cipher info. (#5080)
It opens a window and connects to a cipher test
page, showing the output from there, that helps for debugging.

The window is enabled by setting the environment variable
OWNCLOUD_SHIBBOLETH_DEBUG
2016-07-25 17:47:23 +02:00
Olivier Goffart
3f3a679f81 Fix the URL from previous commit
The pull request was merged too early and did not contain the URL change

(Issue #4877)
2016-06-28 14:17:16 +02:00
Olivier Goffart
cde9017340 GUI: Show link to the page that allow to add a new token (#4963)
If owncloud >= 9.1 is detected:
and add a link to the ownCloud page that allow to add device token.

Issue #4877
2016-06-28 12:25:04 +02:00
Olivier Goffart
cf1fe690a3 Shibboleth: Show the inspector if OWNCLOUD_SHIBBOLETH_DEBUG is set
Help to debug https://github.com/owncloud/enterprise/issues/1265
2016-05-17 12:29:20 +02:00
Markus Goetz
29932004ae Shibboleth: Load username from config for UI (#4751)
For https://github.com/owncloud/enterprise/issues/1034
2016-04-28 14:55:29 +02:00
Jocelyn Turcotte
8486a2fd2b Bring back the automatic authentication popups
Users have complained that they don't see the notification when it is
shown and are not aware that their files aren't syncing.

Remove the non-interactive credentials fetch logic and make sure
that the shibboleth popup will flash in the taskbar instead.
This will still not allow the popup to show in front in all cases,
but this is a compromise that we have to choose.

This reverts commit dcb687929f.
Issue https://github.com/owncloud/enterprise/issues/990
2016-01-22 14:25:36 +01:00
Christian Kamm
4dfce57a58 Creds: Forget password on explicit sign-out #4241 2015-12-09 11:31:37 +01:00
Klaas Freitag
421c6a92f3 NetworkJobs: JSON network job now reports OCS reply code.
The signal jsonReceived() now not only delivers the raw json string, but
also the status code that came as OCS reply.

Also, fixed a typo in the signals name (recieved => received).
2015-11-19 16:01:51 +01:00
Markus Goetz
9337927722 legacy propagator: Remove more code 2015-10-28 10:59:02 +01:00
Markus Goetz
c8590c4468 Remove legacy propagator and neon
The code was already unneeded/unbuilt on Windows and OS X.
2015-10-20 17:57:43 +02:00
Olivier Goffart
557b704069 Fix compilation warning
shibbolethcredentials.h:59:10: warning: 'askFromUser' overrides a member
function but is not marked 'override' [-Winconsistent-missing-override]
2015-10-20 11:35:25 +02:00
Olivier Goffart
df135a0bb2 Merge branch '2.0'
Conflicts:
	src/gui/folder.cpp
2015-10-19 10:57:37 +02:00
Markus Goetz
983671c8cb Shibboleth: Add our base user agent to WebKit
For #3913
2015-10-16 09:15:47 +02:00
Phil Davis
b8ccbbc72a GUI comment and message typos for master 2015-10-05 10:06:19 +05:45
Jocelyn Turcotte
128d46e19a Remove *Credentials::_fetchJobInProgress
Now that fetchFromKeychain is solely called from AccountState::slotInvalidCredentials
and that this one already protects the fetch call using _waitingForNewCredentials,
we can remove that extra check.
2015-09-05 16:00:45 +02:00
Jocelyn Turcotte
6d027ebd40 Separate the credential dialog from their fetch #3350
This moves the responsibility of asking the user or not for
credentials from the Credentials classes back to the AccountState.
fetch() now only extracts credentials from the keychain, reports
the result to the AccountState which then decides if askFromUser()
should be called or not. The result is once more reported to the
AccountState.

This also replaces the HttpCredentials::queryPassword virtual
which now lets HttpCredentialsGui and HttpCredentialsText do it
the way that they prefer.
2015-09-05 16:00:45 +02:00
Jocelyn Turcotte
94a57fe8d5 Get rid of ShibbolethRefresher
This is only for neon and not necessary if we want to show a notification
instead of a login window when the network reports invalid credentials.
2015-09-05 15:45:54 +02:00
Jocelyn Turcotte
dcb687929f Show a notification instead of a login window on startup #3350
The original problem is that showing a popup not originated
from the main settings window while it's focused won't be
shown in front to the user.

This tries not to hijack the user's attention
by showing a notification when checking the connection for
valid credentials, and require the user to sign in through
the UI. There are still issues with showing that popup from
the tray icon, but the user will most likely be looking for
the popup in that case. The new sign in button directly in
the settings account works properly.
2015-09-01 18:40:20 +02:00
Markus Goetz
01855302a0 Shibboleth: Use sslErrors() handler of rest of client #3593 2015-08-13 17:09:39 +02:00
Christian Kamm
5d9e752c71 HttpCreds: Add keychain failure hint. #3268 2015-07-17 14:39:43 +02:00
Christian Kamm
7053f76d1e Password dialog: Include account name.
Users with accounts on multiple servers could easily use the same
username on both servers. The password dialog did not tell users
what server the password is for. I added the account name to the
dialog.
2015-07-03 11:39:44 +02:00
Daniel Molkentin
66e8aaeabc Use doxygen style everywhere 2015-06-29 18:56:09 +02:00
Daniel Molkentin
0735aa1fbd Structure developer documentation
- rename target "doc-dev"
- group into modules
- move to doc/dev
2015-06-29 18:43:21 +02:00
Olivier Goffart
29fecb029e Merge remote-tracking branch 'origin/1.8'
Conflicts:
	VERSION.cmake
        src/gui/accountsettings.cpp
	src/gui/accountsettings.h
2015-06-25 12:30:52 +02:00
Olivier Goffart
bb85db6cc5 Fix windows build 2015-06-18 10:24:40 +02:00
Olivier Goffart
ce0a0e3f0d Credential: move the implementation to the gui 2015-06-15 17:39:28 +02:00